How it works

From PasswordMaker

You provide PasswordMaker two pieces of information: a master password -- that one, favorite password you like -- and the URL of the website requiring a password (for internet applications without URLs, such as instant messaging, you can make up any URL you like; e.g., aolinstantmessenger.com).

Although one-way hash algorithms have a number of interesting characteristics, the one capitalized on by PasswordMaker is that the resulting hash (password) "does not reveal anything about the input (your master password) that was used to generate it." [1]

In other words, if someone has one or more of your generated passwords, it is computationally infeasible for him to derive your master password or to calculate your other passwords. Computationally infeasible means even computers like this won't help!

Security features offered by the Browser Extension version of PasswordMaker - such as the ability to automatically insert generated passwords into a web sites' password box, helps protect you from key-loggers and/or trojan horses that some "Black Hats" use to try to steal passwords. For more details, visit the FAQ.

What About Portability?

For times when you must use an unsupported browser or can't install the extension for some other reason, there's an online version which mimicks the extension and works in all browsers new and old. No downloads or installations are required.

Additionally, there is a stand-alone version for Windows, Linux and Mac desktops, as well as a command-line version that can be integrated with custom applications.

Lastly, there is a J2ME version for mobile phones and PDAs in the works, although there is little happening at the moment. If you are interested in seeing this implemented more quickly and are willing to sponsor its development, please add a post in the Forums and someone will get in touch with you to discuss terms.